When processing SCO packets, the handle is wrongly assumed to be a 16-bit
value. The actual size is 12 bits and the other 4 bits are used for
packet flags.
Signed-off-by: Marcel Holtmann <[email protected]>
---
net/bluetooth/hci_core.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
index 4e6d61a95b20..6a88954e67c0 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
@@ -4387,13 +4387,16 @@ static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
{
struct hci_sco_hdr *hdr = (void *) skb->data;
struct hci_conn *conn;
- __u16 handle;
+ __u16 handle, flags;
skb_pull(skb, HCI_SCO_HDR_SIZE);
handle = __le16_to_cpu(hdr->handle);
+ flags = hci_flags(handle);
+ handle = hci_handle(handle);
- BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
+ BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
+ handle, flags);
hdev->stat.sco_rx++;
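Review bot: `hdr->handle` is read from `skb->data` right after `skb_pull(skb, HCI_SCO_HDR_SIZE)` with no visible check that the frame holds a full SCO header, and this hunk does not add one. Unless a caller outside the hunk already guarantees `skb->len >= HCI_SCO_HDR_SIZE`, a truncated frame from the controller would have the new `hci_handle()`/`hci_flags()` split applied to bytes beyond the packet data; a guard before the pull, e.g. `if (skb->len < HCI_SCO_HDR_SIZE) { kfree_skb(skb); return; }`, would close that. It would also help to add `/* handle is 12 bits; the upper 4 bits carry packet flags */` above the split, since `flags` is used only in the debug message within the visible lines. The body of hci_scodata_packet() continues past the end of the hunk, so the drop path should match whatever the function uses there.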
--
2.24.1
Hi Marcel,
On Thu, Mar 5, 2020 at 10:28 AM Marcel Holtmann <[email protected]> wrote:
>
> When processing SCO packets, the handle is wrongly assumed as 16-bit
> value. The actual size is 12-bits and the other 4-bits are used for
> packet flags.
>
> Signed-off-by: Marcel Holtmann <[email protected]>
> ---
> net/bluetooth/hci_core.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
> index 4e6d61a95b20..6a88954e67c0 100644
> --- a/net/bluetooth/hci_core.c
> +++ b/net/bluetooth/hci_core.c
> @@ -4387,13 +4387,16 @@ static void hci_scodata_packet(struct hci_dev *hdev, struct sk_buff *skb)
> {
> struct hci_sco_hdr *hdr = (void *) skb->data;
> struct hci_conn *conn;
> - __u16 handle;
> + __u16 handle, flags;
>
> skb_pull(skb, HCI_SCO_HDR_SIZE);
>
> handle = __le16_to_cpu(hdr->handle);
> + flags = hci_flags(handle);
> + handle = hci_handle(handle);
>
> - BT_DBG("%s len %d handle 0x%4.4x", hdev->name, skb->len, handle);
> + BT_DBG("%s len %d handle 0x%4.4x flags 0x%4.4x", hdev->name, skb->len,
> + handle, flags);
>
> hdev->stat.sco_rx++;
>
> --
> 2.24.1
>
LGTM.
Hi Marcel,
On Thu, Mar 05, 2020, Marcel Holtmann wrote:
> When processing SCO packets, the handle is wrongly assumed as 16-bit
> value. The actual size is 12-bits and the other 4-bits are used for
> packet flags.
>
> Signed-off-by: Marcel Holtmann <[email protected]>
> ---
> net/bluetooth/hci_core.c | 7 +++++--
> 1 file changed, 5 insertions(+), 2 deletions(-)
Applied to bluetooth-next. Thanks.
Johan